1. Field of the Invention
The present invention relates to cryptographic algorithms, and more specifically to cryptographic hash computations.
2. Description of the Related Art
Cryptographic algorithms such as cryptographic hash computations are secure one-way hash functions that take a variable-length message and produce a fixed-length hash message. The most commonly used cryptographic hash functions are the Secure Hash Algorithms (SHA), which is a U.S. Government standard known as the FIPS 180-2 secure hash standard. The FIPS 180-2 secure hash standard specifies four secure hash functions, each providing different levels of security. Most applications use SHA-1, which is a prerequisite for the Standard Performance Evaluation Corp. (SPEC) industry standard benchmark, commonly known as SPECweb99_SSL, for a Secure Sockets Layer (SSL) protocol used on secure web servers. The other three secure hash algorithms include SHA-256, which is intended as a companion for the new Advanced Encryption Standard (AES), SHA-384, and SHA-512.
The cryptographic hash computations take a message of a specified length as an input and with the use of a hash function, computes a message digest of specified length as an output. The input can include a message of up to 264 bits for SHA-1 and SHA-256 and a message of up to 2128 bits for SHA-384 and SHA-512. The output can range from 160-bits for SHA-1 to 512-bits for SHA-512.
Cryptographic hash computations are a critical component of the processing required in many cryptographic operations. For instance, they are heavily utilized in secure web transactions and account for a significant percentage of the total processing overhead associated with SPECweb99_SSL. They are also extensively used in protocols such as Internetwork Protocol Security (IPSEC), which enable secure communication using IP.
For example, FIG. 1A is a diagram illustrating secure communication on a network using IP. A sender 110 can send a message 140 to a recipient 120 via a network connector 130. Before the message 140 leaves the sender 110, an encryption algorithm 150 processes the message 140 to produce a secure message. The secure message travels via the network connector 130 and arrives at the recipient 120 for decryption. Subsequently, the encryption algorithm 150 processes the secure message to produce the message 140.
The use of the cryptographic hash computation is shown in FIG. 1B, which is a diagram illustrating an encryption and authentication process. The encryption algorithm 150 processes the message 140 to produce an encrypted message 160. The encrypted message 160 is passed to an authentication algorithm 170 that produces a result 180 using a shared secret 165. Then, the result 180 and the encrypted message 160 are concatenated and sent to the recipient. Then, the recipient applies the cryptographic hash computation to the encrypted message 160 in order to obtain a hash number. Subsequently, the hash number is compared with the hash number transmitted with the encrypted message 160. If there is no difference, then the encrypted message 160 is authentic.
Cryptographic hash computations are computationally intensive and can consume many processor computing cycles. Specifically, the complex and repetitive computations required by the cryptographic hash computation can impact the secure network performance of a processor. To improve the performance of the processor, implementations for cryptographic hash computations have included pipelining instructions on one execution unit. However, this solution leaves other execution units in the processor idle. Thus, valuable processor computing cycles are wasted in idle execution units while only one execution unit is busy performing cryptographic hash computations.
Accordingly, what is needed is an apparatus and a method for accelerating a cryptographic hash computation on a processor and reducing wasted processor computing cycles by idle execution units.